Live Webinar 11/20: SMB Cyber Survival Guide 2025

Active Response: how Coalition helps keep incidents from becoming losses

Coalition Active Response

Through our Active Insurance coverage model, Coalition aims to help all businesses safely embrace technology in the digital economy. This unique approach is designed to continuously identify, prevent, and resolve digital risks before they strike. We accomplish this through an integrated process that begins with an Active Risk Assessment — then providing Active Protection, and Active Response (should an incident occur). This article is the third in a four-part series explaining these three key elements of Active Insurance.

Digital risk, which encompasses cyber incidents, is the great equalizer for modern businesses. Cyber incidents are on the rise, but despite a significant increase in cyberattacks, Coalition’s Active Insurance Response team resolved 46% of reported incidents at no additional cost to policyholders in 2021.

Taking a proactive approach to mitigating cyberthreats and evolving issues impacting risk, Active Insurance — built on a proprietary data platform that holistically assesses an organization from the outside — is significantly better equipped to support brokers and their clients in today’s data-driven, and virtually-connected world.

Traditional insurance platforms are static and lack the flexibility to respond to a fast-changing landscape of cyber issues, mergers and acquisitions, and distributed workforce-related employment issues. This is because traditional insurance:

  • Relies only on stagnant historical data to predict current and future risk

  • Only engages at key moments when there is a quote, claim, or renewal to price, transfer, and service risk

  • Assumes technical risk is mostly the domain of technical teams

  • Not reflective of real-time risk

  • Can’t keep pace with the evolving nature of digital risks

  • Doesn’t incentivize organizations to collaborate in protecting their most valuable assets

In contrast, Active Response leverages Coalition’s in-house expertise and access to threat intelligence through its Active Monitoring technology. This layered approach helps policyholders quickly resolve issues and resume business operations while minimizing costs.

By containing incidents before they spread, Coalition Incident Response (CIR) and claims teams recovered 75% of funds transfer fraud losses for policyholders and negotiated down ransom demands by 75%, as reported in the second half of 2021.

The Active Response trifecta

Our effectiveness is based upon a three-pronged approach to Active Response — security support, Coalition Incident Response (CIR), and claims.

Security support center. Coalition is the only cyber insurance provider with dedicated, in-house technical support committed to helping policyholders understand their cyber vulnerabilities and remediation options when responding to critical alerts.

CIR team. Coalition’s in-house staff of incident responders, forensic specialists, and security engineers respond immediately to help accelerate claims responses. From ransomware to reputational impacts, cyber issues are swiftly remediated to help businesses recover quickly if an incident occurs.

Coalition claims. Coalition’s claims team includes privacy attorneys and legal experts who can help you navigate the recovery process. Whether clawing back lost funds or managing vendors and law enforcement, Coalition’s claims team ensures claims are managed efficiently, minimizing costs to the policyholder.

Active Response optimizes protection and management before, during, and after a claim.

Before an organization falls victim to phishing, denial of service, or ransomware, Coalition leverages cybersecurity tools and threat intelligence to notify policyholders of exploits and provides guidance to reduce the risk of an attack and minimize the spread in the event a cyber incident occurs.

During an incident, policyholders have access to Coalition’s claim team 24/7. There is no waiting time to coordinate and authorize resources. Coalition’s team is available immediately, which can mean the difference between a minor road bump or a severe disruption of operations.

After an event, claims are paid, including breach and incident response costs, regulatory defense and penalties, and when appropriate cyber extortion demands.

Case in point: Active Response in action

During a busy holiday season, Coalition received a phone call from a restaurant group policyholder notified by the FBI that data from four of their servers had been compromised by tenacious threat actors. Unfortunately, the breach affected three corporate servers and one restaurant server with customer credit card information.

Remediation commenced immediately with the forensic discovery process, shutting down the virtual private network, and contacting the FBI for more information. Within two days, CIR gathered all the data, analyzed the situation, and responded by writing a script to kick the threat actors out and reclaim control of the network.

While the breach impacted the customer credit cards, Coalition’s Active Response team helped manage the crisis by mobilizing notification efforts to the impacted consumers. They also covered all litigations, depositions, and negotiations during the resulting two-year class action lawsuit. Ultimately, the restaurant group only paid $21,000 out-of-pocket of the $3 million claim.

To access more information on how Coalition can help brokers protect organizations, download our free Broker's Guide to Active Insurance.